1 files changed, 209 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509/pcy_int.h b/src/lib/libcrypto/x509/pcy_int.h
new file mode 100644
index 0000000000..6632b787fa
--- /dev/null
+++ b/src/lib/libcrypto/x509/pcy_int.h
@@ -0,0 +1,209 @@
+/* $OpenBSD: pcy_int.h,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+__BEGIN_HIDDEN_DECLS
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+DECLARE_STACK_OF(X509_POLICY_DATA)
+/* Internal structures */
+/* This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child
+ * data: X509_POLICY_NODE contains that. This means that the main policy data
+ * can be kept static and cached with the certificate.
+ */
+struct X509_POLICY_DATA_st {
+        unsigned int flags;
+        /* Policy OID and qualifiers for this data */
+        ASN1_OBJECT *valid_policy;
+        STACK_OF(POLICYQUALINFO) *qualifier_set;
+        STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
+/* X509_POLICY_DATA flags values */
+/* This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
+ */
+#define POLICY_DATA_FLAG_MAPPED                 0x1
+/* This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
+/* AND with flags to see if any mapping has occurred */
+#define POLICY_DATA_FLAG_MAP_MASK               0x3
+/* qualifiers are shared and shouldn't be freed */
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
+/* Parent node is an extra node and should be freed */
+#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
+/* Corresponding CertificatePolicies is critical */
+#define POLICY_DATA_FLAG_CRITICAL               0x10
+/* This structure is cached with a certificate */
+struct X509_POLICY_CACHE_st {
+        /* anyPolicy data or NULL if no anyPolicy */
+        X509_POLICY_DATA *anyPolicy;
+        /* other policy data */
+        STACK_OF(X509_POLICY_DATA) *data;
+        /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+        long any_skip;
+        /* If policyConstraints and requireExplicitPolicy present this is its
+         * value or -1 if absent.
+         */
+        long explicit_skip;
+        /* If policyConstraints and policyMapping present this is its
+         * value or -1 if absent.
+         */
+        long map_skip;
+};
+/*#define POLICY_CACHE_FLAG_CRITICAL            POLICY_DATA_FLAG_CRITICAL*/
+/* This structure represents the relationship between nodes */
+struct X509_POLICY_NODE_st {
+        /* node data this refers to */
+        const X509_POLICY_DATA *data;
+        /* Parent node */
+        X509_POLICY_NODE *parent;
+        /* Number of child nodes */
+        int nchild;
+};
+struct X509_POLICY_LEVEL_st {
+        /* Cert for this level */
+        X509 *cert;
+        /* nodes at this level */
+        STACK_OF(X509_POLICY_NODE) *nodes;
+        /* anyPolicy node */
+        X509_POLICY_NODE *anyPolicy;
+        /* Extra data */
+        /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
+        unsigned int flags;
+};
+struct X509_POLICY_TREE_st {
+        /* This is the tree 'level' data */
+        X509_POLICY_LEVEL *levels;
+        int nlevel;
+        /* Extra policy data when additional nodes (not from the certificate)
+         * are required.
+         */
+        STACK_OF(X509_POLICY_DATA) *extra_data;
+        /* This is the authority constained policy set */
+        STACK_OF(X509_POLICY_NODE) *auth_policies;
+        STACK_OF(X509_POLICY_NODE) *user_policies;
+        unsigned int flags;
+};
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY          0x2
+/* Useful macros */
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+/* Internal functions */
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+    int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+    const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+void policy_cache_init(void);
+void policy_cache_free(X509_POLICY_CACHE *cache);
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+    const X509_POLICY_NODE *parent, const ASN1_OBJECT *id);
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+    const ASN1_OBJECT *id);
+int level_add_node(X509_POLICY_LEVEL *level,
+    const X509_POLICY_DATA *data, X509_POLICY_NODE *parent,
+    X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep);
+void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+    const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+__END_HIDDEN_DECLS

diff --git a/src/lib/libcrypto/x509/pcy_int.h b/src/lib/libcrypto/x509/pcy_int.h new file mode 100644 index 0000000000..6632b787fa --- /dev/null +++ b/src/lib/libcrypto/x509/pcy_int.h
@@ -0,0 +1,209 @@
	1	/* $OpenBSD: pcy_int.h,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
	3	* project 2004.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	__BEGIN_HIDDEN_DECLS
	60
	61	typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
	62
	63	DECLARE_STACK_OF(X509_POLICY_DATA)
	64
	65	/* Internal structures */
	66
	67	/* This structure and the field names correspond to the Policy 'node' of
	68	* RFC3280. NB this structure contains no pointers to parent or child
	69	* data: X509_POLICY_NODE contains that. This means that the main policy data
	70	* can be kept static and cached with the certificate.
	71	*/
	72
	73	struct X509_POLICY_DATA_st {
	74	unsigned int flags;
	75	/* Policy OID and qualifiers for this data */
	76	ASN1_OBJECT *valid_policy;
	77	STACK_OF(POLICYQUALINFO) *qualifier_set;
	78	STACK_OF(ASN1_OBJECT) *expected_policy_set;
	79	};
	80
	81	/* X509_POLICY_DATA flags values */
	82
	83	/* This flag indicates the structure has been mapped using a policy mapping
	84	* extension. If policy mapping is not active its references get deleted.
	85	*/
	86
	87	#define POLICY_DATA_FLAG_MAPPED 0x1
	88
	89	/* This flag indicates the data doesn't correspond to a policy in Certificate
	90	* Policies: it has been mapped to any policy.
	91	*/
	92
	93	#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
	94
	95	/* AND with flags to see if any mapping has occurred */
	96
	97	#define POLICY_DATA_FLAG_MAP_MASK 0x3
	98
	99	/* qualifiers are shared and shouldn't be freed */
	100
	101	#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
	102
	103	/* Parent node is an extra node and should be freed */
	104
	105	#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
	106
	107	/* Corresponding CertificatePolicies is critical */
	108
	109	#define POLICY_DATA_FLAG_CRITICAL 0x10
	110
	111	/* This structure is cached with a certificate */
	112
	113	struct X509_POLICY_CACHE_st {
	114	/* anyPolicy data or NULL if no anyPolicy */
	115	X509_POLICY_DATA *anyPolicy;
	116	/* other policy data */
	117	STACK_OF(X509_POLICY_DATA) *data;
	118	/* If InhibitAnyPolicy present this is its value or -1 if absent. */
	119	long any_skip;
	120	/* If policyConstraints and requireExplicitPolicy present this is its
	121	* value or -1 if absent.
	122	*/
	123	long explicit_skip;
	124	/* If policyConstraints and policyMapping present this is its
	125	* value or -1 if absent.
	126	*/
	127	long map_skip;
	128	};
	129
	130	/#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL/
	131
	132	/* This structure represents the relationship between nodes */
	133
	134	struct X509_POLICY_NODE_st {
	135	/* node data this refers to */
	136	const X509_POLICY_DATA *data;
	137	/* Parent node */
	138	X509_POLICY_NODE *parent;
	139	/* Number of child nodes */
	140	int nchild;
	141	};
	142
	143	struct X509_POLICY_LEVEL_st {
	144	/* Cert for this level */
	145	X509 *cert;
	146	/* nodes at this level */
	147	STACK_OF(X509_POLICY_NODE) *nodes;
	148	/* anyPolicy node */
	149	X509_POLICY_NODE *anyPolicy;
	150	/* Extra data */
	151	/STACK_OF(X509_POLICY_DATA) extra_data;*/
	152	unsigned int flags;
	153	};
	154
	155	struct X509_POLICY_TREE_st {
	156	/* This is the tree 'level' data */
	157	X509_POLICY_LEVEL *levels;
	158	int nlevel;
	159	/* Extra policy data when additional nodes (not from the certificate)
	160	* are required.
	161	*/
	162	STACK_OF(X509_POLICY_DATA) *extra_data;
	163	/* This is the authority constained policy set */
	164	STACK_OF(X509_POLICY_NODE) *auth_policies;
	165	STACK_OF(X509_POLICY_NODE) *user_policies;
	166	unsigned int flags;
	167	};
	168
	169	/* Set if anyPolicy present in user policies */
	170	#define POLICY_FLAG_ANY_POLICY 0x2
	171
	172	/* Useful macros */
	173
	174	#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
	175	#define node_critical(node) node_data_critical(node->data)
	176
	177	/* Internal functions */
	178
	179	X509_POLICY_DATA policy_data_new(POLICYINFO policy, const ASN1_OBJECT *id,
	180	int crit);
	181	void policy_data_free(X509_POLICY_DATA *data);
	182
	183	X509_POLICY_DATA policy_cache_find_data(const X509_POLICY_CACHE cache,
	184	const ASN1_OBJECT *id);
	185	int policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps);
	186
	187
	188	STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
	189
	190	void policy_cache_init(void);
	191
	192	void policy_cache_free(X509_POLICY_CACHE *cache);
	193
	194	X509_POLICY_NODE level_find_node(const X509_POLICY_LEVEL level,
	195	const X509_POLICY_NODE parent, const ASN1_OBJECT id);
	196
	197	X509_POLICY_NODE tree_find_sk(STACK_OF(X509_POLICY_NODE) sk,
	198	const ASN1_OBJECT *id);
	199
	200	int level_add_node(X509_POLICY_LEVEL *level,
	201	const X509_POLICY_DATA data, X509_POLICY_NODE parent,
	202	X509_POLICY_TREE tree, X509_POLICY_NODE *nodep);
	203	void policy_node_free(X509_POLICY_NODE *node);
	204	int policy_node_match(const X509_POLICY_LEVEL *lvl,
	205	const X509_POLICY_NODE node, const ASN1_OBJECT oid);
	206
	207	const X509_POLICY_CACHE policy_cache_set(X509 x);
	208
	209	__END_HIDDEN_DECLS